Path Traversal in Anthropics Claude-code

CVE-2026-39861

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path wit…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.002 (37.6th percentile) — read the EPSS interpretation.